List of usage examples for java.security.cert X509Certificate getIssuerDN
// Returns the certificate's issuer distinguished name as a Principal.
// The JDK documents this accessor as "denigrated" in favour of getIssuerX500Principal()
// and deprecates it from Java 16. The Principal is implementation-specific, so the text
// from getName() is suited to display and logging, not to equality or substring checks
// that gate a trust decision.
public abstract Principal getIssuerDN();
From source file:org.ejbca.core.protocol.ocsp.OCSPUtil.java
/**
 * Reports whether a certificate is currently inside its validity period.
 *
 * <p>Only {@code notBefore}/{@code notAfter} are examined; nothing in this method checks the
 * certificate chain, signature or revocation status. When a warning lead time is configured
 * (value of 1 or more), a WARN is logged if the certificate will have expired by
 * "now + lead time".
 *
 * @param signerCert the certificate to be tested
 * @return {@code true} if the certificate is valid right now, {@code false} if it has expired
 *         or is not yet valid (an ERROR is logged in both of those cases)
 */
public static boolean isCertificateValid(X509Certificate signerCert) {
    try {
        signerCert.checkValidity();
    } catch (CertificateExpiredException expired) {
        m_log.error(intres.getLocalizedMessage("ocsp.errorcerthasexpired", signerCert.getSerialNumber(),
                signerCert.getIssuerDN()));
        return false;
    } catch (CertificateNotYetValidException notYetValid) {
        m_log.error(intres.getLocalizedMessage("ocsp.errornotyetvalid", signerCert.getSerialNumber(),
                signerCert.getIssuerDN()));
        return false;
    }

    final long warnLeadTime = OcspConfiguration.getWarningBeforeExpirationTime();
    if (warnLeadTime >= 1) {
        // Probe validity at a future instant to find out whether expiry is near.
        final Date probeDate = new Date(System.currentTimeMillis() + warnLeadTime);
        try {
            signerCert.checkValidity(probeDate);
        } catch (CertificateExpiredException soonExpired) {
            m_log.warn(intres.getLocalizedMessage("ocsp.warncertwillexpire", signerCert.getSerialNumber(),
                    signerCert.getIssuerDN(), signerCert.getNotAfter()));
        } catch (CertificateNotYetValidException impossible) {
            // The certificate is valid now, so it cannot be "not yet valid" at a later instant.
            throw new Error("This should never happen.", impossible);
        }
        if (m_log.isDebugEnabled()) {
            m_log.debug("Time for \"certificate will soon expire\" not yet reached. You will be warned after: "
                    + new Date(signerCert.getNotAfter().getTime() - warnLeadTime));
        }
    }
    return true;
}
From source file:com.xwiki.authentication.sts.STSTokenValidator.java
/** * validateIssuerDN(SignableSAMLObject samlToken, String subjectName) * Validates IssuerDN value from the certificate (extracted from samlToken). * @param samlToken SignableSAMLObject - saml Token * @param issuerName issuer name validate to * @return valid boolean => true, not valid => false * @throws UnmarshallingException, ValidationException, CertificateException *///from ww w. ja va 2 s.c o m private static boolean validateIssuerDN(SignableSAMLObject samlToken, String issuerName) throws UnmarshallingException, ValidationException, CertificateException { Signature signature = samlToken.getSignature(); KeyInfo keyInfo = signature.getKeyInfo(); X509Certificate pubKey = KeyInfoHelper.getCertificates(keyInfo).get(0); String issuer = pubKey.getIssuerDN().getName(); log.trace("passed issuerName: '" + issuerName + "' certificate IssuerDN: '" + issuer + "'"); return issuer.equals(issuerName); }
From source file:fr.inria.ucn.Helpers.java
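/**
 * Reports whether the Android CA store holds a certificate whose issuer DN text contains
 * {@code match}.
 *
 * <p>FIXME: remove once all servers have valid certificate.
 *
 * <p>NOTE(review): this is a substring test on a display string. It tells the caller that some
 * store entry mentions {@code match} in its issuer field, which is weaker than identifying one
 * specific CA certificate (for example by comparing its encoded form or public key).
 *
 * @param match text to look for in the issuer DN; {@code null} or empty never matches
 * @return {@code true} if at least one X.509 entry matches, {@code false} otherwise or when the
 *         store cannot be read
 */
public static boolean isCaCertInstalledHack(String match) {
    // An empty needle would match every certificate; null would throw inside contains().
    if (match == null || match.length() == 0) {
        return false;
    }
    boolean res = false;
    try {
        KeyStore ks = KeyStore.getInstance("AndroidCAStore");
        ks.load(null, null);
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            java.security.cert.Certificate entry = ks.getCertificate(alias);
            // Skip missing or non-X.509 entries instead of failing on the cast.
            if (!(entry instanceof X509Certificate)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) entry;
            if (cert.getIssuerDN().getName().contains(match)) {
                res = true;
                break;
            }
        }
    } catch (KeyStoreException e) {
        Log.w(Constants.LOGTAG, "failed to check certificates", e);
    } catch (NoSuchAlgorithmException e) {
        // Still best-effort, but no longer silent: a failed check should be visible in the log.
        Log.w(Constants.LOGTAG, "failed to check certificates", e);
    } catch (CertificateException e) {
        Log.w(Constants.LOGTAG, "failed to check certificates", e);
    } catch (IOException e) {
        Log.w(Constants.LOGTAG, "failed to check certificates", e);
    }
    return res;
}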
From source file:nl.nn.adapterframework.http.AuthSSLProtocolSocketFactoryBase.java
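/**
 * Loads a keystore from a URL and, at INFO level, logs a summary of each X.509 entry.
 *
 * @param url location of the keystore; must not be {@code null}
 * @param password keystore password, or {@code null} to load without one
 * @param keyStoreType keystore type passed to {@link KeyStore#getInstance(String)}
 * @param prefix label used in log and error messages
 * @return the loaded keystore
 * @throws IllegalArgumentException if {@code url} is {@code null}
 * @throws KeyStoreException if the keystore type is unavailable or the store cannot be read
 * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws IOException if the stream cannot be opened or read, or the password is wrong
 */
protected static KeyStore createKeyStore(final URL url, final String password, String keyStoreType,
        String prefix) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    if (url == null) {
        throw new IllegalArgumentException("Keystore url for " + prefix + " may not be null");
    }
    log.info("Initializing keystore for " + prefix + " from " + url.toString());
    KeyStore keystore = KeyStore.getInstance(keyStoreType);
    // The stream used to be opened inline and never closed; close it on every path.
    final java.io.InputStream keystoreStream = url.openStream();
    try {
        keystore.load(keystoreStream, password != null ? password.toCharArray() : null);
    } finally {
        keystoreStream.close();
    }
    if (log.isInfoEnabled()) {
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            log.info(prefix + " '" + alias + "':");
            Certificate trustedcert = keystore.getCertificate(alias);
            // instanceof is false for null, so no separate null test is needed.
            if (trustedcert instanceof X509Certificate) {
                X509Certificate cert = (X509Certificate) trustedcert;
                log.info("  Subject DN: " + cert.getSubjectDN());
                log.info("  Signature Algorithm: " + cert.getSigAlgName());
                log.info("  Valid from: " + cert.getNotBefore());
                log.info("  Valid until: " + cert.getNotAfter());
                log.info("  Issuer: " + cert.getIssuerDN());
            }
        }
    }
    return keystore;
}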
From source file:com.xwiki.authentication.sts.STSTokenValidator.java
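/**
 * Validates the XML structure of a signed SAML object and checks its signature with an
 * explicit-key trust engine.
 *
 * <p>NOTE(review): the only credential handed to the trust engine is built from the certificate
 * returned by {@code certFromToken(samlToken)}. That helper is not shown here. If it simply
 * returns the certificate embedded in the token, the signature is being checked against a key
 * the token itself supplies: that confirms integrity relative to that key, not that the key
 * belongs to a trusted issuer. The trusted credential should come from configuration (a pinned
 * certificate or a trust store) - confirm against {@code certFromToken}.
 *
 * <p>NOTE(review): {@code SecurityTestHelper} looks like a test-support class by its name;
 * confirm it is meant to be used on this production path.
 *
 * @param samlToken signed SAML object to validate
 * @return {@code true} if the trust engine accepts the signature, {@code false} otherwise
 */
private static boolean validateToken(SignableSAMLObject samlToken)
        throws SecurityException, ValidationException, ConfigurationException, UnmarshallingException,
        CertificateException, KeyException {
    // Validate XML structure
    samlToken.validate(true);

    Signature signature = samlToken.getSignature();
    X509Certificate certificate = certFromToken(samlToken);

    // Certificate data. The raw signature bytes are no longer decoded as text (they are binary
    // and the platform charset turned them into noise); their length is logged instead.
    log.debug("certificate issuerDN: " + certificate.getIssuerDN());
    log.debug("certificate issuerUniqueID: " + certificate.getIssuerUniqueID());
    log.debug("certificate issuerX500Principal: " + certificate.getIssuerX500Principal());
    log.debug("certificate notBefore: " + certificate.getNotBefore());
    log.debug("certificate notAfter: " + certificate.getNotAfter());
    log.debug("certificate serialNumber: " + certificate.getSerialNumber());
    log.debug("certificate sigAlgName: " + certificate.getSigAlgName());
    log.debug("certificate sigAlgOID: " + certificate.getSigAlgOID());
    log.debug("certificate signature length: " + certificate.getSignature().length);
    log.debug("certificate publicKey: " + certificate.getPublicKey());
    log.debug("certificate subjectDN: " + certificate.getSubjectDN());
    log.debug("certificate version: " + certificate.getVersion());

    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(certificate);

    // Credential data. Private and secret key accessors are deliberately not logged: key
    // material has no place in a log, even when the value is expected to be absent.
    cred.setEntityId(entityId);
    log.debug("cred entityId: " + cred.getEntityId());
    log.debug("cred usageType: " + cred.getUsageType());
    log.debug("cred credentalContextSet: " + cred.getCredentalContextSet());
    log.debug("cred hashCode: " + cred.hashCode());
    log.debug("cred publicKey: " + cred.getPublicKey());
    log.debug("cred entityCertificateChain: " + cred.getEntityCertificateChain());

    ArrayList<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(cred);

    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(trustedCredentials);
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);

    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(entityId));

    // In trace mode write the certificate to a file for inspection.
    if (log.isTraceEnabled()) {
        Base64 encoder = new Base64();
        String certEncoded = new String(encoder.encode(certificate.getEncoded()));
        try {
            // A freshly created temp file with a generated name replaces the fixed
            // /tmp/Certificate.cer, so a pre-existing file or link at a known path in a shared
            // directory is never followed or overwritten.
            File dumpFile = File.createTempFile("Certificate", ".cer");
            FileUtils.writeStringToFile(dumpFile,
                    "-----BEGIN CERTIFICATE-----\n" + certEncoded + "\n-----END CERTIFICATE-----");
            log.trace("Certificate file was saved in: " + dumpFile.getAbsolutePath());
        } catch (IOException e1) {
            log.error(e1);
        }
    }
    return engine.validate(signature, criteriaSet);
}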
From source file:nu.yona.app.utils.AppUtils.java
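/**
 * Reports whether the Android CA store holds a certificate whose issuer DN text contains the
 * root certificate CN recorded for the current user.
 *
 * <p>NOTE(review): the comparison is a substring test on a display string, so it identifies a
 * store entry by what its issuer field says. Comparing the encoded certificate or its public
 * key against an expected value would identify one specific CA certificate.
 *
 * @return {@code true} if a matching X.509 entry exists; {@code false} if none matches, no user
 *         or CN is available, or the store cannot be read (the exception is reported)
 */
public static boolean checkCACertificate() {
    boolean isCertExist = false;
    try {
        KeyStore ks = KeyStore.getInstance("AndroidCAStore");
        if (ks != null) {
            ks.load(null, null);
            Enumeration<String> aliases = ks.aliases();
            if (YonaApplication.getEventChangeManager().getDataState().getUser() != null && YonaApplication
                    .getEventChangeManager().getDataState().getUser().getSslRootCertCN() != null) {
                String caCertName = YonaApplication.getEventChangeManager().getDataState().getUser()
                        .getSslRootCertCN();
                if (!TextUtils.isEmpty(caCertName)) {
                    while (aliases.hasMoreElements()) {
                        String alias = aliases.nextElement();
                        java.security.cert.Certificate entry = ks.getCertificate(alias);
                        // A missing or non-X.509 entry used to raise inside the loop and end the
                        // scan through the catch below, hiding any later match. Skip it instead.
                        if (!(entry instanceof java.security.cert.X509Certificate)) {
                            continue;
                        }
                        java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) entry;
                        if (cert.getIssuerDN().getName().contains(caCertName)) {
                            isCertExist = true;
                            break;
                        }
                    }
                }
            }
        }
    } catch (Exception e) {
        reportException(AppUtils.class.getSimpleName(), e, Thread.currentThread());
    }
    return isCertExist;
}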
From source file:org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator.java
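/**
 * Copies validity dates, serial number, issuer, subject and version from a stored certificate
 * into a response object.
 *
 * <p>NOTE(review): {@code Serializer.deserialize} is not shown here. The
 * {@code ClassNotFoundException} in the catch clause suggests Java-native object
 * deserialization. If {@code certificateBytes} can ever come from outside a trusted store,
 * that is a deserialization risk. Storing the certificate in its encoded form and parsing it
 * with {@code CertificateFactory} would avoid it - confirm the storage format before changing.
 *
 * @param certificateBytes serialized certificate; {@code null} leaves the response untouched
 * @param certificateResponse object that receives the extracted fields
 * @throws CertificateManagementDAOException if the bytes cannot be deserialized
 */
public static void extractCertificateDetails(byte[] certificateBytes, CertificateResponse certificateResponse)
        throws CertificateManagementDAOException {
    if (certificateBytes == null) {
        return;
    }
    try {
        // Hold the result as Object and test its type: the previous unconditional cast to
        // Certificate threw ClassCastException for any other deserialized type.
        Object deserialized = Serializer.deserialize(certificateBytes);
        if (deserialized instanceof X509Certificate) {
            X509Certificate certificate = (X509Certificate) deserialized;
            certificateResponse.setNotAfter(certificate.getNotAfter().getTime());
            certificateResponse.setNotBefore(certificate.getNotBefore().getTime());
            certificateResponse.setCertificateserial(certificate.getSerialNumber());
            certificateResponse.setIssuer(certificate.getIssuerDN().getName());
            certificateResponse.setSubject(certificate.getSubjectDN().getName());
            certificateResponse.setCertificateVersion(certificate.getVersion());
        }
    } catch (ClassNotFoundException | IOException e) {
        String errorMsg = "Error while during deserialization of the certificate.";
        throw new CertificateManagementDAOException(errorMsg, e);
    }
}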
From source file:org.shelloid.common.ShelloidUtil.java
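/**
 * Accepts a server certificate chain only if every certificate's issuer DN text contains
 * "Shelloid", and records the accepted certificates.
 *
 * <p>NOTE(review): the issuer field is set by whoever creates a certificate, so this name test
 * does not establish that the chain was issued by a particular CA. Nothing here builds or
 * verifies the chain, checks signatures, validity dates or revocation. A trust manager would
 * normally delegate to one initialised from a keystore holding the expected CA certificate and
 * apply the name rule, if at all, only after that succeeds.
 *
 * @param certs the peer certificate chain
 * @param authType the key exchange algorithm (unused)
 * @throws IllegalArgumentException if {@code certs} is {@code null} or empty
 * @throws CertificateException if any certificate's issuer DN lacks "Shelloid"
 */
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
    // The loop below never ran for an empty chain, so an empty chain was silently accepted.
    // The X509TrustManager contract asks for IllegalArgumentException in that case.
    if (certs == null || certs.length == 0) {
        throw new IllegalArgumentException("Server certificate chain is null or empty");
    }
    // Check the whole chain before recording anything, so a rejected chain leaves no entries.
    for (X509Certificate cert : certs) {
        if (cert == null || !cert.getIssuerDN().getName().contains("Shelloid")) {
            throw new CertificateException("Certificate DN doesn't contains shelloid");
        }
    }
    for (X509Certificate cert : certs) {
        this.certs.add(cert);
    }
}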
From source file:org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial.java
/**
 * Builds the issuer/serial element from a certificate by delegating to the constructor that
 * takes an issuer name and a serial number.
 *
 * <p>The issuer name is the text of {@code getIssuerDN().getName()} passed through
 * {@code RFC2253Parser.normalize}; the serial number is taken from the certificate unchanged.
 *
 * @param doc document the element is created for
 * @param x509certificate certificate supplying the issuer DN and serial number
 */
public XMLX509IssuerSerial(Document doc, X509Certificate x509certificate) {
    this(doc, RFC2253Parser.normalize(x509certificate.getIssuerDN().getName()),
            x509certificate.getSerialNumber());
}
From source file:com.axway.ebxml.KeyInfoWriter.java
/**
 * Creates the {@code X509Data} child of a {@code KeyInfo} element for one certificate.
 *
 * <p>The element receives the issuer name with serial number, the subject name and the
 * certificate itself, in that order.
 *
 * @param doc containing document to create the element for; cannot be null
 * @param cert certificate to describe; cannot be null
 * @return the populated {@code X509Data}
 * @throws XMLSecurityException if the element cannot be populated
 */
private X509Data buildX509Data(org.w3c.dom.Document doc, X509Certificate cert) throws XMLSecurityException {
    final X509Data data = new X509Data(doc);
    final String issuerName = cert.getIssuerDN().getName();
    data.addIssuerSerial(issuerName, cert.getSerialNumber());
    data.addSubjectName(cert);
    data.addCertificate(cert);
    return data;
}